========
Security
========

Connections are secured with Transport Layer Security (TLS) by default,
and passwords are only stored in memory.


REPORTING
=========

If you discover a security issue, please write an email
to the :file:`@zoho.com` address listed in my `PGP key`_.
Preferably, you encrypt the email with the `GNU Privacy Guard`_,
but I would rather you send me an encrypted email than no email.


CAVEATS
=======

Credentials are stored in memory so that they need not be entered again
in case of a referral. However, because page-locking is unfeasible in
Python, the credentials may be swapped out.

Neither TLS certificate revocation lists nor OCSP are checked.


.. _`GNU Privacy Guard`: https://gnupg.org

.. _`PGP key`: https://keys.openpgp.org/vks/v1/by-fingerprint/8975B184615BC48CFA4549056B06A2E03BE31BE9
